JBoss Enterprise Application Platform
JBEAP-8660

OpenSSL (wildfly-openssl) with Elytron subsystem does not work

Steps to reproduce:

      1. unzip EAP and start
      2. follow these steps to set up SSL/TLS with Elytron subsystem
      3. try to set up 'openssl' provider in newly created server-ssl-context:
        /subsystem=elytron/server-ssl-context=httpsSSC:write-attribute(name=providers,value=openssl)
        reload

      4. see NPE in the server.log

      I am not able to use the OpenSSL provider with the Elytron configuration. There are two provider-loaders available by default in the default EAP7.1.0.DR11 configuration - 'openssl' and 'elytron'. When I try to set the 'openssl' provider in my 'server-ssl-context', I get the following NPE:

      13:08:43,824 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-8) WFLYUT0006: Undertow HTTP listener default listening on 127.0.0.1:8080
      13:08:43,846 INFO  [org.wildfly.openssl.SSL] (MSC service thread 1-8) WFOPENSSL0002 OpenSSL Version OpenSSL 1.0.2j-fips  26 Sep 2016
      13:08:43,847 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service org.wildfly.security.ssl-context.httpsSSC: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.httpsSSC: Failed to start service
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: java.lang.NullPointerException
      	at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:303)
      	at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:45)
      	at org.wildfly.extension.elytron.SSLDefinitions$3.lambda$getValueSupplier$1(SSLDefinitions.java:547)
      	at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
      	... 3 more
      
      13:08:43,858 INFO  [org.jboss.as.patching] (MSC service thread 1-3) WFLYPAT0050: JBoss EAP cumulative patch ID is: base, one-off patches include: none
      13:08:43,860 WARN  [org.jboss.as.domain.management.security] (MSC service thread 1-7) WFLYDM0111: Keystore /tmp/jboss-eap-7.1/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost
      13:08:43,877 INFO  [org.jboss.as.server.deployment.scanner] (MSC service thread 1-7) WFLYDS0013: Started FileSystemDeploymentService for directory /tmp/jboss-eap-7.1/standalone/deployments
      13:08:43,887 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
          ("subsystem" => "elytron"),
          ("server-ssl-context" => "httpsSSC")
      ]) - failure description: {
          "WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.httpsSSC" => "org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.httpsSSC: Failed to start service
          Caused by: java.lang.NullPointerException"},
          "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.ssl-context.httpsSSC"]
      }
      

      I can see that the following is printed:

      13:08:43,846 INFO  [org.wildfly.openssl.SSL] (MSC service thread 1-8) WFOPENSSL0002 OpenSSL Version OpenSSL 1.0.2j-fips  26 Sep 2016
      

      which implies that OpenSSL libs were actually initialized (this message did not show up before).

      Maybe I am missing something because I also tried to set:

      /subsystem=elytron/server-ssl-context=httpsSSC:write-attribute(name=providers,value=elytron)
      reload
      

      and got a different exception:

      13:21:58,705 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-5) WFLYJCA0001: Bound data source [java:jboss/datasources/ExampleDS]
      13:21:58,706 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service org.wildfly.security.ssl-context.httpsSSC: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.httpsSSC: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
      	at org.wildfly.extension.elytron.SSLDefinitions$3.lambda$getValueSupplier$1(SSLDefinitions.java:549)
      	at org.wildfly.extension.elytron.TrivialService.start(TrivialService.java:53)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:2032)
      	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1955)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
      	at java.lang.Thread.run(Thread.java:745)
      Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
      	at org.wildfly.security.ssl.SSLUtils.throwIt(SSLUtils.java:127)
      	at org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:301)
      	at org.wildfly.security.OneTimeSecurityFactory.create(OneTimeSecurityFactory.java:45)
      	at org.wildfly.extension.elytron.SSLDefinitions$3.lambda$getValueSupplier$1(SSLDefinitions.java:547)
      	... 6 more
      
      13:21:58,709 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0012: Started server default-server.
      13:21:58,709 INFO  [org.wildfly.extension.undertow] (ServerService Thread Pool -- 57) WFLYUT0014: Creating file handler for path '/tmp/jboss-eap-7.1/welcome-content' with options [directory-listing: 'false', follow-symlink: 'false', case-sensitive: 'true', safe-symlink-paths: '[]']
      13:21:58,709 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-7) WFLYUT0018: Host default-host starting
      13:21:58,712 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow HTTP listener default listening on 127.0.0.1:8080
      13:21:58,732 INFO  [org.jboss.as.patching] (MSC service thread 1-3) WFLYPAT0050: JBoss EAP cumulative patch ID is: base, one-off patches include: none
      13:21:58,734 WARN  [org.jboss.as.domain.management.security] (MSC service thread 1-1) WFLYDM0111: Keystore /tmp/jboss-eap-7.1/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost
      13:21:58,738 INFO  [org.jboss.as.server.deployment.scanner] (MSC service thread 1-1) WFLYDS0013: Started FileSystemDeploymentService for directory /tmp/jboss-eap-7.1/standalone/deployments
      13:21:58,750 ERROR [org.jboss.as.controller.management-operation] (Controller Boot Thread) WFLYCTL0013: Operation ("add") failed - address: ([
          ("subsystem" => "elytron"),
          ("server-ssl-context" => "httpsSSC")
      ]) - failure description: {
          "WFLYCTL0080: Failed services" => {"org.wildfly.security.ssl-context.httpsSSC" => "org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.httpsSSC: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
          Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria"},
          "WFLYCTL0412: Required services that are not installed:" => ["org.wildfly.security.ssl-context.httpsSSC"]
      }
      

      Could you please advise whether this is a bug or whether I'm missing something here? Either way, I think the NPE should be avoided.

            darran.lofthouse@redhat.com Darran Lofthouse
            jstourac@redhat.com Jan Stourac
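Added here as an operator-side check (not part of this issue, of EAP or of Elytron): a small server.log scanner that flags Elytron ssl-context services failing at boot and pulls out the deepest "Caused by" as the root cause, so the two failure modes reported above (the NPE with providers=openssl and ELY04001 with providers=elytron) are caught without reading the whole boot log. The sample log is constructed from the excerpts in this issue, and the service-name prefix and message codes it keys on are taken from those excerpts.

```python
import re
from typing import Dict, List, Optional

# Constructed sample modelled on the two server.log excerpts in this issue (not a real capture).
SAMPLE_LOG = """\
13:08:43,846 INFO  [org.wildfly.openssl.SSL] (MSC service thread 1-8) WFOPENSSL0002 OpenSSL Version OpenSSL 1.0.2j-fips  26 Sep 2016
13:08:43,847 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-8) MSC000001: Failed to start service org.wildfly.security.ssl-context.httpsSSC: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.httpsSSC: Failed to start service
\tat org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1978)
Caused by: java.lang.NullPointerException
\tat org.wildfly.security.ssl.SSLContextBuilder.lambda$build$0(SSLContextBuilder.java:303)
13:21:58,706 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-3) MSC000001: Failed to start service org.wildfly.security.ssl-context.httpsSSC: org.jboss.msc.service.StartException in service org.wildfly.security.ssl-context.httpsSSC: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
\tat org.wildfly.extension.elytron.SSLDefinitions$3.lambda$getValueSupplier$1(SSLDefinitions.java:549)
Caused by: java.security.NoSuchAlgorithmException: ELY04001: No algorithm found matching TLS/SSL protocol selection criteria
13:21:58,712 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0006: Undertow HTTP listener default listening on 127.0.0.1:8080
"""

FAIL_RE = re.compile(r"MSC000001: Failed to start service (?P<service>\S+):")
CAUSE_RE = re.compile(r"^Caused by: (?P<exc>[\w.$]+)(?:: (?P<msg>.*))?$")
TS_RE = re.compile(r"^\d{2}:\d{2}:\d{2},\d{3} ")          # start of a new log record
SSL_CONTEXT_PREFIX = "org.wildfly.security.ssl-context."  # MSC name of Elytron server-ssl-context services


def ssl_context_failures(log_text: str) -> List[Dict[str, str]]:
    """One record per failed Elytron ssl-context service; the last 'Caused by' seen is the root cause."""
    failures: List[Dict[str, str]] = []
    current: Optional[Dict[str, str]] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = FAIL_RE.search(line)
        if m:
            service = m.group("service")
            if service.startswith(SSL_CONTEXT_PREFIX):
                current = {"service": service, "cause": "", "message": ""}
                failures.append(current)
            else:
                current = None  # some other service failed; not tracked here
            continue
        if TS_RE.match(line):
            current = None      # a new timestamped record ends the stack trace
            continue
        c = CAUSE_RE.match(line)
        if c and current is not None:
            current["cause"] = c.group("exc")      # deeper 'Caused by' lines overwrite shallower ones
            current["message"] = c.group("msg") or ""
    return failures


def openssl_initialised(log_text: str) -> bool:
    """True when wildfly-openssl logged its native library version (WFOPENSSL0002)."""
    return "WFOPENSSL0002" in log_text
```

Run over a real boot log, a non-empty result means the HTTPS listener bound to that ssl-context will not have come up with the intended TLS configuration.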